If you have ever tried to get TrueCrypt and grub to play nicely, you probably are aware that it is an absolute pain in the ass.
I tried following this guide, but when I tried to boot my TrueCrypt encrypted Windows, I kept receiving the error that grub "can not find the right disk" and that "the kernel should be loaded first". Well, I got it to work, and for the sanity of myself and other, I will post my solution here.
In my case, I have a total of 3 hard drives. One solid state drive that has Windows 7 installed on it with full disk encryption via TrueCrypt, a larger hard drive with multiple fully encrypted partitons that can be used by either my Kali installation or my Windows installation (depending on the partition, I just have them automounted on boot), and a second solid state drive with my dedicated Kali Linux installation. Finally, I am relying on grub for doing the bootloading between the two operating systems.
Here is the output of fdisk -l for your reference:
root@und3rf10w:~# fdisk -l
Disk /dev/sdc: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders, total 1953525168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x13e22e1f
Device Boot Start End Blocks Id System
/dev/sdc1 * 2048 493293567 246645760 7 HPFS/NTFS/exFAT
/dev/sdc2 493295616 1953519615 730112000 7 HPFS/NTFS/exFAT
Disk /dev/sda: 120.0 GB, 120034123776 bytes
255 heads, 63 sectors/track, 14593 cylinders, total 234441648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xa29ca83d
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 206847 102400 7 HPFS/NTFS/exFAT
/dev/sda2 206848 234438655 117115904 7 HPFS/NTFS/exFAT
Disk /dev/sdb: 128.0 GB, 128035676160 bytes
255 heads, 63 sectors/track, 15566 cylinders, total 250069680 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0006aa81
Device Boot Start End Blocks Id System
/dev/sdb1 * 2048 1953791 975872 83 Linux
/dev/sdb2 1955838 250068991 124056577 5 Extended
/dev/sdb5 1955840 234375167 116209664 83 Linux
/dev/sdb6 234377216 250068991 7845888 82 Linux
- /dev/sdc is my storage hard drive
- /dev/sda is my encrypted Windows installation
- /dev/sdb is my Kali installation
- /dev/sdb1 is mounted to /boot and where I installed grub
- /dev/sdb5 is moutned to /
- /dev/sdb6 is my swap partition
The Setup
Second, I installed Kali using the above partioning scheme. Technically, you could configure it to use LVM, but that's outside of the scope of this.
Kali comes with the syslinux package installed already, so we simply need to copy it over to /boot so that it can be loaded by grub.
root@und3rf10w:~# cp /usr/lib/syslinux/memdisk /boot/
Next, copy over your TrueCrypt rescue disk to /boot.
root@und3rf10w:~# cp /media/USBDRIVE/files/truecrypt-rescue-disk.iso /boot/
We must now determine the UUID of our /boot partition. This can be done by reading /etc/fstab where XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX in this example is your UUID.
root@und3rf10w:~# cat /etc/fstab |grep /boot
# /boot was on /dev/sdb1 during installation
UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX /boot ext4 defaults 0 2
Finally, we must edit /etc/grub.d/40_custom where XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX in this example is your UUID from before.
root@und3rf10w:~# vim /etc/grub.d/40_custom
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.0db-995e-428c-af99-b5f900dd03ea
menuentry "Windows NT 6.1" {
insmod part_msdos
insmod loopback
insmod fat
insmod ext2
insmod search_fs_uuid
search --fs-uuid --no-floppy --set=boot XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
linux16 ($boot)/memdisk iso raw
initrd16 ($boot)/truecrypt-rescue-disk.iso
}
Now, to save to the changes to grub, we must update the grub.cfg.
root@und3rf10w:~# grub-mkconfig -o /boot/grub/grub.cfg
Now when you reboot, select your Windows entry from the grub menu. If everything went well, you should see the Truecrypt rescue disk interface! Thing is, when you enter your password, it will more than likely fail due to the headers getting messed up during the transition. Thankfully, this can be restored. Simply press [F8], choose option 3 to repair the key, accept the writing, press [ESC] and you will be returned to the password prompt. Enter your decryption password and you should be able to boot into your encrypted Windows installation.
These are the steps that worked for me, however, I can make no guarantee that they will work for you.
No comments:
Post a Comment
Got a question or comment? Leave it here!